HackTheBox - Facts
✍️ sckull
camaleon-cms-2.9.0
CVE-2025-2304
Ruby
Mass-Assignment
path-traversal
CVE-2024-46987
MinIO
ssh2john
facter-privesc
In Facts we exploit two vulnerabilities in Camaleon CMS that allow privilege escalation and local file reading. From there we gain access to a MinIO object storage bucket containing a user's SSH private key, crack its passphrase, and land a shell. Finally we escalate to root by loading a malicious Ruby script through a privileged `facter` sudo rule.